IN THE CLAIMS : 

Please amend claims 14, 20, 21, 25 and 26 as follows. 
1. (Previously Presented) A method, comprising: 

generating a set of subscriber-specific authentication data blocks into the network, 
each data block containing a challenge, a response and a key, whereby the generation is 
performed in the same manner as in a known mobile communications system; 

transmitting at least some of the challenges contained in the authentication data 
blocks to the terminal; 

choosing one of the challenges for use in the terminal, and based on the challenge, 
determining a response and a key to be used with an aid of an identification unit of the 
terminal essentially in the same way as in a subscriber identification module of the 
mobile communication system; 

determining an authenticator with an aid of the chosen key in the terminal; 

transmitting, from the terminal to the network, the authenticator and a data unit, 
the data unit containing information relating to the manner in which the authentication is 
formed and notifying the network with the aid of the data unit of which key 
corresponding to which challenge was chosen, and a check value with the aid of the 
chosen key in the network; and 

comparing the check value with the authenticator. 
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2. (Previously Presented) The method as defined in claim 1, wherein the data unit 
is a security parameter index in the registration message of the mobile internet protocol . 

3. (Previously Presented) The method as defined in claim 1, wherein the value of 
the response determined at the terminal is inserted into the data unit. 

4. (Previously Presented) The method as defined in claim 1, wherein the 
challenges are sorted in an order at the terminal with the aid of predetermined sorting 
criteria and a consecutive number corresponding to the chosen challenge is inserted into 
the data unit. 

5. (Previously Presented) The method as defined in claim 1, wherein the 
identification unit used in the terminal is the subscriber identity module used by the 
known global system for mobile communication system and the authentication data 
blocks are authentication triplets used by the global system for mobile communication 
system. 

6. (Previously Presented) The method as defined in claim 5, wherein the 
authentication triplets are fetched from the authentication center of the global system for 
mobile communication system. 
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7. (Previously Presented) The method as defined in claim 6, wherein the 
challenges to be transmitted to the terminal are transmitted by using a known short 
message switching service. 

8. (Previously Presented) The method as defined in claim 1, wherein the 
challenges to be transmitted to the terminal are transmitted in an internet protocol 
datagram to be sent through an internet protocol network. 

9. (Previously Presented) The method as defined in claim 1 for an internet 
protocol network, wherein the authentication data blocks are transmitted to the home 
agent of the terminal and with the aid of the data unit message is given to the home agent 
about which key corresponding to which challenge was chosen, whereby the check value 
is determined in the home agent. 

10. (Previously Presented) A system, comprising: 

in a terminal of the network, a first message transmission unit configured to 
transmit an authenticator and a data unit to the network, the data unit including 
information relating to the manner in which the authenticator is formed; and 

a checking unit configured to determine a check value with aid of the data unit, 

wherein 
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the terminal of the network includes such an identification unit, which receives as 
input a challenge from which a response and a key are defined essentially in a same 
manner as in a subscriber identity module of a known mobile communications system, 

the system includes a generating unit configured to generate authentication data 
blocks in the same manner as in the mobile communications system, the authentication 
data blocks include a challenge, a response and a key, 

the system includes a transmission unit configured to transmit challenges 
contained by the authentication data blocks to the terminal, 

the terminal includes a selection unit configured to select one challenge for use, 

the first message transmission unit inserts such a value into the data unit which 
indicates which key corresponding to which challenge was selected for use in the 
terminal, and 

the first message transmission unit determines the authenticator and the checking 
unit determine the check value based on the selected key. 

11. (Previously Presented) The system as defined in claim 10, wherein the 
identification unit located in connection with the terminal is a subscriber identity module 
used in the mobile communications system. 

12. (Previously Presented) The system as defined in claim 10, wherein the said 
generating unit includes an authentication center of the mobile communications system. 
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13. (Previously Presented) The system as defined in claim 10, wherein the said 
transmission unit include a unit for carrying out a known short message switching 
service. 

14. (Currently Amended) A method, comprising: 

generating a set of subscriber-specific authentication data blocks, each 
authentication data block containing a challenge, a response and a key; 

transmitting at least some of the challenges contained in the authentication data 
blocks to a terminal; 

choosing one of the challenges for use in the terminal and based on the challenge, 
determining a response and a key to be used with an aid of an identification unit of the 
terminal; 

receiving an authenticator and a data unit containing information relating to a 
manner in which the authenticator is formed from the terminal; 

determining based on said data unit which challenge was chosen by the terminal; 

and 

determining a check value with the key corresponding to the chosen challenge, 
said check value to be compared with the authenticator. 
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15. (Previously Presented) The method as defined in claim 14, wherein said data 
unit is a security parameter index in the registration message of a mobile internet 
protocol. 

16. (Previously Presented) The method as defined in claim 14, wherein said data 
unit comprises the response corresponding to the chosen challenge. 

17. (Previously Presented) A method, comprising: 

receiving a set of challenges from a telecommunications network, wherein each 
one of the challenges is contained in an authentication data block comprising said one of 
said challenges, a response and a key; 

choosing one challenge from the set of challenges; 

determining a response and a key based on the chosen challenge; 

determining an authenticator based on the key corresponding to the chosen 
challenge; 

transmitting said authenticator and a data unit to the telecommunications network, 
said data unit relating to the manner in which the authenticator is formed; and 

notifying the telecommunications network of the chosen challenge, wherein a 
check value is determined with the key corresponding to the chosen challenge and said 
check value is compared with the authenticator. 
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18. (Previously Presented) The method as defined in claim 17, wherein said data 
unit is a security parameter index in the registration message of a mobile internet 
protocol. 

19. (Previously Presented) The method as defined in claim 17, wherein said data 
unit comprises the response corresponding to the chosen challenge. 

20. (Currently Amended) An apparatus comprising: 

a generator configured to generate a set of subscriber-specific authentication data 
blocks, each authentication data block containing a challenge, a response and a key; 

a transmitter configured to transmit at least some of the challenges contained in 
the authentication data blocks to a terminal; 

a processor configured to choose one of the challenges for use in the terminal, and 
based on the challenge, to determine a response and a key to be used with an aid of an 
identification unit of the terminal; 

a receiver configured to receive an authenticator and a data unit containing 
information relating to a manner in which the authenticator is formed; 

a first determiner configured to determine based on said data unit which challenge 
was chosen by the terminal; and 
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a second determiner configured to determine a check value with the key 
corresponding to the chosen challenge, said check value to be compared with the 
authenticator. 

21. (Currently Amended) An apparatus, comprising: 

a receiver configured to receive a set of challenges from a telecommunications 
networ k, wherein each one of the challenges is contained in an authentication data block 
comprising said one of said challenges, a response and key ; 

a selector configured to choose one challenge from the set of challenges; 

a first determiner configured to determine a response and a key based on the 
chosen challenge; 

a second determiner configured to determine an authenticator based on the key 
corresponding to the chosen challenge; and 

a transmitter configured to transmit said authenticator and a data unit to the 
telecommunications network, said data unit relating to the manner in which the 
authenticator is formed and to notify the telecommunications network of the chosen 
challenge , wherein a check value is determined with the key corresponding to the chosen 
challenge and said check value is compared with the authenticator , 

22. (Previously Presented) An apparatus, comprising: 
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generating means for generating a set of subscriber-specific authentication data 
blocks into the network, each data block containing a challenge, a response and a key, 
whereby the generation is performed in the same manner as in a known mobile 
communications system; 

transmitting means for transmitting at least some of the challenges contained in the 
authentication data blocks to the terminal; 

choosing means for choosing one of the challenges for use in the terminal, and 
based on the challenge, determining a response and a key to be used with an aid of an 
identification unit of the terminal essentially in the same way as in a subscriber 
identification module of the mobile communication system; 

determining means for determining an authenticator with an aid of the chosen key 
in the terminal; 

transmitting means for transmitting from the terminal to the network authenticator 
and a data unit, the data unit containing information relating to the manner in which the 
authentication is formed and notifying the network with the aid of the data unit of which 
key corresponding to which challenge was chosen, and a check value with the aid of the 
chosen key in the network; and 

comparing means for comparing the check value with the authenticator. 
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23. (Previously Presented) An apparatus, comprising: 

receiving means for receiving a set of challenges from a telecommunications 
network, wherein each one of the challenges is contained in an authentication data block 
comprising said one of said challenges, a response and a key; 

choosing means for choosing one challenge from the set of challenges; 

determining means for determining a response and a key based on the chosen 
challenge; 

determining means for determining an authenticator based on the key 
corresponding to the chosen challenge; 

transmitting means for transmitting said authenticator and a data unit to the 
telecommunications network, said data unit relating to the manner in which the 
authenticator is formed; and 

notifying means for notifying the telecommunications network of the chosen 
challenge, wherein a check value is determined with the key corresponding to the chosen 
challenge and said check value is compared with the authenticator. 

24. (Previously Presented) A computer program embodied on a computer- 
readable medium configured to control a processor to perform: 

generating a set of subscriber-specific authentication data blocks into the network, 
each data block containing a challenge, a response and a key, whereby the generation is 
performed in the same manner as in a known mobile communications system; 
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transmitting at least some of the challenges contained in the authentication data 
blocks to the terminal; 

choosing one of the challenges for use in the terminal, and based on the challenge, 
determining a response and a key to be used with an aid of an identification unit of the 
terminal essentially in the same way as in a subscriber identification module of the 
mobile communication system; 

determining an authenticator with an aid of the chosen key in the terminal; 

transmitting, from the terminal to the network, the authenticator and a data unit, 
the data unit containing information relating to the manner in which the authentication is 
formed and notifying the network with the aid of the data unit of which key 
corresponding to which challenge was chosen, and a check value with the aid of the 
chosen key in the network; and 

comparing the check value with the authenticator. 

25. (Currently Amended) A computer program embodied on a computer-readable 
medium configured to control a processor to perform: 

generating a set of subscriber-specific authentication data blocks, each 
authentication data block containing a challenge, a response and a key; 

transmitting at least some of the challenges contained in the authentication data 
blocks to a terminal; 
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choosing one of the challenges for use in the terminal, and based on the challenge, 
determining a response and a key to be used with an aid of an identification unit of the 
terminal; 

receiving an authenticator and a data unit containing information relating to a 
manner in which the authenticator is formed from the terminal; 

determining based on said data unit which challenge was chosen by the terminal; 

and 

determining a check value with the key corresponding to the chosen challenge, 
said check value to be compared with the authenticator. 

26. (Currently Amended) A computer program embodied on a computer-readable 
medium configured to control a processor to perform: 

receiving a set of challenges from a telecommunications networ k, wherein each 
one of the challenges is contained in an authentication data block comprising said one of 
said challenges, a response and kev : 

choosing one challenge from the set of challenges; 

determining a response and a key based on the chosen challenge; 

determining an authenticator based on the key corresponding to the chosen 
challenge; 

transmitting said authenticator and a data unit to the telecommunications network, 
said data unit relating to the manner in which the authenticator is formed; and 
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notifying the telecommunications network of the chosen challenge , wherein a 
check value is determined with the key corresponding to the chosen challenge and said 
check value is compared with the authenticator . 

27. (Previously Presented) The apparatus as defined in claim 20, wherein the data 
unit is a security parameter index in the registration message of the mobile internet 
protocol . 

28. (Previously Presented) The apparatus as defined in claim 20, wherein the 
value of the response determined at the terminal is inserted into the data unit. 

29. (Previously Presented) The apparatus as defined in claim 20, wherein the 
challenges are sorted in an order at the terminal with the aid of predetermined sorting 
criteria, and a consecutive number corresponding to the chosen challenge is inserted into 
the data unit. 

30. (Previously Presented) The apparatus as defined in claim 20, wherein the 
challenges to be transmitted to the terminal are transmitted in an internet protocol 
datagram to be sent through an internet protocol network. 
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31. (Previously Presented) The apparatus as defined in claim 21, wherein the data 
unit is a security parameter index in the registration message of the mobile internet 
protocol . 

32. (Previously Presented) The apparatus as defined in claim 21, wherein the 
value of the response determined at the terminal is inserted into the data unit. 

33. (Previously Presented) The apparatus as defined in claim 21, wherein the 
challenges are sorted in an order at the terminal with the aid of predetermined sorting 
criteria, and a consecutive number corresponding to the chosen challenge is inserted into 
the data unit. 

34. (Previously Presented) The apparatus as defined in claim 21, wherein the 
challenges to be transmitted to the terminal are transmitted by using a known short 
message switching service. 

35. (Previously Presented) The apparatus as defined in claim 21, wherein the 
challenges to be transmitted to the terminal are transmitted in an internet protocol 
datagram to be sent through an internet protocol network. 
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